English
Related papers

Related papers: MAZE: Data-Free Model Stealing Attack Using Zeroth…

200 papers

Adversarial samples are perturbed inputs crafted to mislead the machine learning systems. A training mechanism, called adversarial training, which presents adversarial samples along with clean samples has been introduced to learn robust…

Computer Vision and Pattern Recognition · Computer Science 2018-08-07 Vivek B. S. , Konda Reddy Mopuri , R. Venkatesh Babu

Deep Neural Networks (DNNs) are vulnerable to deliberately crafted adversarial examples. In the past few years, many efforts have been spent on exploring query-optimisation attacks to find adversarial examples of either black-box or…

Cryptography and Security · Computer Science 2019-10-16 Derui , Wang , Chaoran Li , Sheng Wen , Surya Nepal , Yang Xiang

With the wide applications of deep neural network models in various computer vision tasks, more and more works study the model vulnerability to adversarial examples. For data-free black box attack scenario, existing methods are inspired by…

Computer Vision and Pattern Recognition · Computer Science 2022-04-05 Wenxuan Wang , Xuelin Qian , Yanwei Fu , Xiangyang Xue

In recent years, the security issues of artificial intelligence have become increasingly prominent due to the rapid development of deep learning research and applications. Backdoor attack is an attack targeting the vulnerability of deep…

Cryptography and Security · Computer Science 2023-12-14 Peixin Zhang , Jun Sun , Mingtian Tan , Xinyu Wang

Masked Autoencoder~(MAE) is a prevailing self-supervised learning method that achieves promising results in model pre-training. However, when the various downstream tasks have data distributions different from the pre-training data, the…

Computer Vision and Pattern Recognition · Computer Science 2024-02-09 Zhili Liu , Kai Chen , Jianhua Han , Lanqing Hong , Hang Xu , Zhenguo Li , James T. Kwok

With the growing popularity of artificial intelligence and machine learning, a wide spectrum of attacks against deep learning models have been proposed in the literature. Both the evasion attacks and the poisoning attacks attempt to utilize…

Cryptography and Security · Computer Science 2022-08-16 Zeyan Liu , Fengjun Li , Jingqiang Lin , Zhu Li , Bo Luo

Transfer-based attacks craft adversarial examples on white-box surrogate models and directly deploy them against black-box target models, offering model-agnostic and query-free threat scenarios. While flatness-enhanced methods have recently…

Computer Vision and Pattern Recognition · Computer Science 2026-01-15 Chunlin Qiu , Ang Li , Yiheng Duan , Shenyi Zhang , Yuanjie Zhang , Lingchen Zhao , Qian Wang

Evasion Attacks (EA) are used to test the robustness of trained neural networks by distorting input data to misguide the model into incorrect classifications. Creating these attacks is a challenging task, especially with the ever-increasing…

Machine Learning · Computer Science 2023-10-06 Ofir Bar Tal , Adi Haviv , Amit H. Bermano

Many machine learning algorithms are vulnerable to almost imperceptible perturbations of their inputs. So far it was unclear how much risk adversarial perturbations carry for the safety of real-world machine learning applications because…

Machine Learning · Statistics 2018-02-19 Wieland Brendel , Jonas Rauber , Matthias Bethge

While machine learning (ML) has made tremendous progress during the past decade, recent research has shown that ML models are vulnerable to various security and privacy attacks. So far, most of the attacks in this field focus on…

Cryptography and Security · Computer Science 2021-11-16 Junhao Zhou , Yufei Chen , Chao Shen , Yang Zhang

Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency. Previous works have shown that federated gradient updates contain information that can be used to approximately recover user data…

Machine Learning · Computer Science 2022-03-21 Liam Fowl , Jonas Geiping , Wojtek Czaja , Micah Goldblum , Tom Goldstein

Membership inference (MI) attacks affect user privacy by inferring whether given data samples have been used to train a target learning model, e.g., a deep neural network. There are two types of MI attacks in the literature, i.e., these…

Cryptography and Security · Computer Science 2022-08-17 Bo Hui , Yuchen Yang , Haolin Yuan , Philippe Burlina , Neil Zhenqiang Gong , Yinzhi Cao

Concept erasure aims to selectively unlearning undesirable content in diffusion models (DMs) to reduce the risk of sensitive content generation. As a novel paradigm in concept erasure, most existing methods employ adversarial training to…

Computer Vision and Pattern Recognition · Computer Science 2025-11-11 Qinghong Yin , Yu Tian , Heming Yang , Xiang Chen , Xianlin Zhang , Xueming Li , Yue Zhan

Modern machine learning (ML) ecosystems offer a surging number of ML frameworks and code repositories that can greatly facilitate the development of ML models. Today, even ordinary data holders who are not ML experts can apply off-the-shelf…

Cryptography and Security · Computer Science 2024-07-03 Zitao Chen , Karthik Pattabiraman

Black-box adversarial attacks present a realistic threat to action recognition systems. Existing black-box attacks follow either a query-based approach where an attack is optimized by querying the target model, or a transfer-based approach…

Computer Vision and Pattern Recognition · Computer Science 2022-11-24 Rohit Gupta , Naveed Akhtar , Gaurav Kumar Nayak , Ajmal Mian , Mubarak Shah

We present two information leakage attacks that outperform previous work on membership inference against generative models. The first attack allows membership inference without assumptions on the type of the generative model. Contrary to…

Cryptography and Security · Computer Science 2019-06-10 Benjamin Hilprecht , Martin Härterich , Daniel Bernau

Black box attacks, where adversaries have limited knowledge of the target model, pose a significant threat to machine learning systems. Adversarial examples generated with a substitute model often suffer from limited transferability to the…

Machine Learning · Computer Science 2024-10-22 Bar Avraham , Yisroel Mirsky

Today, the training of large language models (LLMs) can involve personally identifiable information and copyrighted material, incurring dataset misuse. To mitigate the problem of dataset misuse, this paper explores \textit{dataset…

Cryptography and Security · Computer Science 2025-12-09 Ruikai Zhou , Kang Yang , Xun Chen , Wendy Hui Wang , Guanhong Tao , Jun Xu

Deep neural networks (DNNs) are increasingly being applied in malware detection and their robustness has been widely debated. Traditionally an adversarial example generation scheme relies on either detailed model information (gradient-based…

Cryptography and Security · Computer Science 2022-09-07 Sun RuiJin , Guo ShiZe , Guo JinHong , Xing ChangYou , Yang LuMing , Guo Xi , Pan ZhiSong

Most existing methods to detect backdoored machine learning (ML) models take one of the two approaches: trigger inversion (aka. reverse engineer) and weight analysis (aka. model diagnosis). In particular, the gradient-based trigger…

Cryptography and Security · Computer Science 2024-07-23 Rui Zhu , Di Tang , Siyuan Tang , Guanhong Tao , Shiqing Ma , Xiaofeng Wang , Haixu Tang